Copied from ubuntu xenial in Canonical CPC Secret Sauces by Robert C Jennings
Changelog
qemu (1:2.6.1+dfsg-0ubuntu5.2~ubuntu16.04.1~ppa1) xenial; urgency=medium
* No-change backport to xenial
qemu (1:2.6.1+dfsg-0ubuntu5.2) yakkety; urgency=medium
[ Rafael David Tinoco ]
* Fixed wrong migration blocker when vhost is used (LP: #1626972)
- d/p/vhost_migration-blocker-only-if-shared-log-is-used.patch
qemu (1:2.6.1+dfsg-0ubuntu5.1) yakkety-security; urgency=medium
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/revert-afd9096eb1882f23929f5b5c177898ed231bac66.patch:
removed to add back size check in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-2.patch: recalculate vq->inuse after
migration in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-3.patch: decrement vq->inuse in
virtqueue_discard() in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-4.patch: zero vq->inuse in
virtio_reset() in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-5.patch: discard virtqueue element on
reset in hw/virtio/virtio-balloon.c.
- CVE-2016-5403
* SECURITY UPDATE: use after free while writing in vmxnet3
- debian/patches/CVE-2016-6833.patch: check for device_active before
write in hw/net/vmxnet3.c.
- CVE-2016-6833
* SECURITY UPDATE: DoS via infinite loop during packet fragmentation
- debian/patches/CVE-2016-6834.patch: check fragment length during
fragmentation in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6834
* SECURITY UPDATE: Buffer overflow in vmxnet_tx_pkt_parse_headers()
- debian/patches/CVE-2016-6835.patch: check IP header length in
hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6835
* SECURITY UPDATE: Information leak in vmxnet3_complete_packet
- debian/patches/CVE-2016-6836.patch: initialise local tx descriptor in
hw/net/vmxnet3.c.
- CVE-2016-6836
* SECURITY UPDATE: Integer overflow in packet initialisation in VMXNET3
- debian/patches/CVE-2016-6888.patch: use g_new for pkt initialisation
in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6888
* SECURITY UPDATE: directory traversal flaw in 9p virtio backend
- debian/patches/CVE-2016-7116-1.patch: forbid illegal path names in
hw/9pfs/9p.c.
- debian/patches/CVE-2016-7116-2.patch: forbid . and .. in file names
in hw/9pfs/9p.c.
- debian/patches/CVE-2016-7116-3.patch: handle walk of ".." in the root
directory in hw/9pfs/9p.*.
- debian/patches/CVE-2016-7116-4.patch: fix potential segfault during
walk in hw/9pfs/9p.c.
- CVE-2016-7116
* SECURITY UPDATE: OOB read and infinite loop in pvscsi
- debian/patches/CVE-2016-7155.patch: check page count while
initialising descriptor rings in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7155
* SECURITY UPDATE: infinite loop when building SG list in pvscsi
- debian/patches/CVE-2016-7156.patch: limit loop to fetch SG list in
hw/scsi/vmw_pvscsi.c.
- CVE-2016-7156
* SECURITY UPDATE: invalid memory access in mptsas
- debian/patches/CVE-2016-7157-1.patch: fix an assert expression in
hw/scsi/mptconfig.c.
- debian/patches/CVE-2016-7157-2.patch: fix misuse of
MPTSAS_CONFIG_PACK in hw/scsi/mptconfig.c.
- CVE-2016-7157
* SECURITY UPDATE: buffer overflow in xlnx.xps-ethernetlite
- debian/patches/CVE-2016-7161.patch: fix a heap overflow in
hw/net/xilinx_ethlite.c.
- CVE-2016-7161
* SECURITY UPDATE: OOB stack memory access in vmware_vga
- debian/patches/CVE-2016-7170.patch: correct bitmap and pixmap size
checks in hw/display/vmware_vga.c.
- CVE-2016-7170
* SECURITY UPDATE: Infinite loop when processing IO requests in pvscsi
- debian/patches/CVE-2016-7421.patch: limit process IO loop to ring
size in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7421
* SECURITY UPDATE: null pointer dereference in virtio
- debian/patches/CVE-2016-7422.patch: add check for descriptor's mapped
address in hw/virtio/virtio.c.
- CVE-2016-7422
* SECURITY UPDATE: denial of service in LSI SAS1068 Host Bus
- debian/patches/CVE-2016-7423.patch: use g_new0 to allocate
MPTSASRequest object in hw/scsi/mptsas.c.
- CVE-2016-7423
* SECURITY UPDATE: memory leakage during device unplug in xhci
- debian/patches/CVE-2016-7466.patch: fix memory leak in usb_xhci_exit
in hw/usb/hcd-xhci.c.
- CVE-2016-7466
* SECURITY UPDATE: denial of service in mcf via invalid count
- debian/patches/CVE-2016-7908.patch: limit buffer descriptor count in
hw/net/mcf_fec.c.
- CVE-2016-7908
* SECURITY UPDATE: denial of service in pcnet via invalid length
- debian/patches/CVE-2016-7909.patch: check rx/tx descriptor ring
length in hw/net/pcnet.c.
- CVE-2016-7909
* SECURITY UPDATE: denial of service via memory leak in virtio-gpu
- debian/patches/CVE-2016-7994.patch: fix memory leak in
virtio_gpu_resource_create_2d in hw/display/virtio-gpu.c.
- CVE-2016-7994
* SECURITY UPDATE: denial of service via memory leak in ehci
- debian/patches/CVE-2016-7995.patch: fix memory leak in
ehci_process_itd in hw/usb/hcd-ehci.c.
- CVE-2016-7995
* SECURITY UPDATE: denial of service via infinite loop in xhci
- debian/patches/CVE-2016-8576.patch: limit the number of link trbs we
are willing to process in hw/usb/hcd-xhci.c.
- CVE-2016-8576
* SECURITY UPDATE: host memory leakage in 9pfs
- debian/patches/CVE-2016-8577.patch: fix potential host memory leak in
v9fs_read in hw/9pfs/9p.c.
- CVE-2016-8577
* SECURITY UPDATE: NULL dereference in 9pfs
- debian/patches/CVE-2016-8578.patch: allocate space for guest
originated empty strings in fsdev/9p-iov-marshal.c, hw/9pfs/9p.c.
- CVE-2016-8578
* SECURITY UPDATE: OOB buffer access in rocker switch emulation
- debian/patches/CVE-2016-8668.patch: set limit to DMA buffer size in
hw/net/rocker/rocker.c.
- CVE-2016-8668
* SECURITY UPDATE: infinite loop in Intel HDA controller
- debian/patches/CVE-2016-8909.patch: check stream entry count during
transfer in hw/audio/intel-hda.c.
- CVE-2016-8909
* SECURITY UPDATE: infinite loop in RTL8139 ethernet controller
- debian/patches/CVE-2016-8910.patch: limit processing of ring
descriptors in hw/net/rtl8139.c.
- CVE-2016-8910
* SECURITY UPDATE: memory leakage at device unplug in eepro100
- debian/patches/CVE-2016-9101.patch: fix memory leak in device uninit
in hw/net/eepro100.c.
- CVE-2016-9101
* SECURITY UPDATE: denial of service via memory leak in 9pfs
- debian/patches/CVE-2016-9102.patch: fix memory leak in
v9fs_xattrcreate in hw/9pfs/9p.c.
- CVE-2016-9102
* SECURITY UPDATE: information leakage via xattribute in 9pfs
- debian/patches/CVE-2016-9103.patch: fix information leak in xattr
read in hw/9pfs/9p.c.
- CVE-2016-9103
* SECURITY UPDATE: integer overflow leading to OOB access in 9pfs
- debian/patches/CVE-2016-9104.patch: fix integer overflow issue in
xattr read/write in hw/9pfs/9p.c.
- CVE-2016-9104
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9105.patch: fix memory leak in v9fs_link in
hw/9pfs/9p.c.
- CVE-2016-9105
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9106.patch: fix memory leak in v9fs_write in
hw/9pfs/9p.c.
- CVE-2016-9106
qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
* No-change rebuild to compile against new libxen version.
qemu (1:2.6.1+dfsg-0ubuntu4) yakkety; urgency=medium
* retain older xenial machine type to avoid issues starting guests
created on xenial prior to the SRU for bug 1621042. In that regard the old
broken xenial machine type and the new fixed one have both to be considered
as valid LTS machine types (LP: #1626070).
qemu (1:2.6.1+dfsg-0ubuntu3) yakkety; urgency=medium
* fix default ubuntu machine types. (LP: #1621042)
- add dep3 header to d/p/ubuntu/define-ubuntu-machine-types.patch
- remove double default and double ubuntu alias
- drop former devel releases utopic, vivid, wily
- add xenial and yakkety machine types
- add q35 based ubuntu machine type starting at xenial
- add ubuntu machine types on ppc64el and s390x starting at xenial
qemu (1:2.6.1+dfsg-0ubuntu2) yakkety; urgency=medium
* Enable GPU Passthru for ppc64le (LP: #1541902)
- 0001-spapr-ensure-device-trees-are-always-associated-with.patch
- 0002-spapr_pci-Use-correct-DMA-LIOBN-when-composing-the-d.patch
- 0003-spapr_iommu-Finish-renaming-vfio_accel-to-need_vfio.patch
- 0004-spapr_iommu-Move-table-allocation-to-helpers.patch
- 0005-vmstate-Define-VARRAY-with-VMS_ALLOC.patch
- 0006-spapr_iommu-Introduce-enabled-state-for-TCE-table.patch
- 0007-spapr_iommu-Migrate-full-state.patch
- 0008-spapr_iommu-Add-root-memory-region.patch
- 0009-spapr_pci-Reset-DMA-config-on-PHB-reset.patch
- 0010-spapr_pci-Add-and-export-DMA-resetting-helper.patch
- 0011-memory-Add-reporting-of-supported-page-sizes.patch
- 0012-memory-Add-MemoryRegionIOMMUOps.notify_started-stopp.patch
- 0013-intel_iommu-Throw-hw_error-on-notify_started.patch
- 0014-spapr_iommu-Realloc-guest-visible-TCE-table-when-sta.patch
- 0015-vfio-spapr-Add-DMA-memory-preregistering-SPAPR-IOMMU.patch
- 0016-vfio-Add-host-side-DMA-window-capabilities.patch
- 0017-vfio-spapr-Create-DMA-window-dynamically-SPAPR-IOMMU.patch
- 0018-spapr_pci-spapr_pci_vfio-Support-Dynamic-DMA-Windows.patch
- 0019-vfio-spapr-Remove-stale-ioctl-call.patch
- 0020-spapr-Fix-undefined-behaviour-in-spapr_tce_reset.patch
- 0021-memory-Fix-IOMMU-replay-base-address.patch
qemu (1:2.6.1+dfsg-0ubuntu1) yakkety; urgency=medium
* New upstream release. LP: #1617055.
* Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
- CVE-2016-5403
* SECURITY UPDATE: oob write access while reading ESP command
- debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
maximum CDB size and handle migration in hw/scsi/esp.c,
include/hw/scsi/esp.h, include/migration/vmstate.h.
- CVE-2016-6351
* SECURITY UPDATE: infinite loop in virtqueue_pop
- debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
length in hw/virtio/virtio.c.
- CVE-2016-6490
qemu (1:2.6+dfsg-3ubuntu1) yakkety; urgency=medium
* Merge with Debian; remaining changes:
- debian/rules: do not drop the init scripts loading kvm modules
(still needed in precise in cloud archive)
- qemu-system-common.postinst:
* remove acl placed by udev, and add udevadm trigger.
* reload kvm_intel if needed to set nested=1
- qemu-system-common.preinst: add kvm group if needed
- add qemu-kvm upstart job and defaults file (rules,
qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
- rules,qemu-system-x86.modprobe: support use under older udevs which
do not auto-load the kvm kernel module. Enable nesting by default
on intel.
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- apport hook for qemu source package: d/source_qemu-kvm.py,
d/qemu-system-common.install
- Make qemu-system-common and qemu-utils depend on qemu-block-extra
to fix errors with missing block backends.
- s390x:
* Create qemu-system-s390x package
* Enable pie by default, on ubuntu/s390x.
* Enable svm by default for qemu64 on amd
* Include s390-ccw.img firmware
* have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
relationship, but qemu-efi is still in universe right now.
qemu (1:2.6+dfsg-3) unstable; urgency=high
* more security fixes picked from upstream:
- CVE-2016-4454 fix (vmsvga) (Closes: CVE-2016-4454)
vmsvga-add-more-fifo-checks-CVE-2016-4454.patch
vmsvga-move-fifo-sanity-checks-to-vmsvga_fifo_length-CVE-2016-4454.patch
vmsvga-shadow-fifo-registers-CVE-2016-4454.patch
- vmsvga-don-t-process-more-than-1024-fifo-commands-at-once-CVE-2016-4453.patch
(Closes: CVE-2016-4453)
- scsi-check-buffer-length-before-reading-scsi-command-CVE-2016-5238.patch
(Closes: #826152, CVE-2016-5238)
* set urgency to high due to the amount of
security fixes accumulated so far
qemu (1:2.6+dfsg-2) unstable; urgency=medium
* add missing log entries for previous upload,
remove closing of #807006 (it is not closed)
* Added vga-add-sr_vbe-register-set.patch from upstream
This fixes regression (in particular with win7 installer)
introduced by the fix for CVE-2016-3712 (commit fd3c136)
* fix-linking-relocatable-objects-on-sparc.patch (Closes: #807006)
* Lots of security patches from upstream:
- net-mipsnet-check-packet-length-against-buffer-CVE-2016-4002.patch
(Closes: #821061, CVE-2016-4002)
- i386-kvmvapic-initialise-imm32-variable-CVE-2016-4020.patch
(Closes: #821062, CVE-2016-4020)
- esp-check-command-buffer-length-before-write-CVE-2016-4439.patch,
esp-check-dma-length-before-reading-scsi-command-CVE-2016-4441.patch
(Closes: #824856, CVE-2016-4439, CVE-2016-4441)
- scsi-mptsas-infinite-loop-while-fetching-requests-CVE-2016-4964.patch
(Closes: #825207, CVE-2016-4964)
- scsi-pvscsi-check-command-descriptor-ring-buffer-size-CVE-2016-4952.patch
(Closes: #825210, CVE-2016-4952)
- scsi-megasas-use-appropriate-property-buffer-size-CVE-2016-5106.patch
(Closes: #825615, CVE-2016-5106)
- scsi-megasas-initialise-local-configuration-data-buffer-CVE-2016-5105.patch
(Closes: #825614, CVE-2016-5105)
- scsi-megasas-check-read_queue_head-index-value-CVE-2016-5107.patch
(Closes: #825616, CVE-2016-5107)
- block-iscsi-avoid-potential-overflow-of-acb-task-cdb-CVE-2016-5126.patch
(Closes: #826151, CVE-2016-5126)
- scsi-esp-check-TI-buffer-index-before-read-write-CVE-2016-5338.patch
(Closes: #827024, CVE-2016-5338)
- scsi-megasas-null-terminate-bios-version-buffer-CVE-2016-5337.patch
(Closes: #827026, CVE-2016-5337)
* hw-dma-omap-spelling-fix-endianness.patch (lintian)
* arm-spelling-fix-mismatch.patch (lintian)
qemu (1:2.6+dfsg-1ubuntu1) yakkety; urgency=medium
* Merge with Debian; remaining changes: (LP: #1583775)
- debian/rules: do not drop the init scripts loading kvm modules
(still needed in precise in cloud archive)
- qemu-system-common.postinst:
* remove acl placed by udev, and add udevadm trigger.
* reload kvm_intel if needed to set nested=1
- qemu-system-common.preinst: add kvm group if needed
- add qemu-kvm upstart job and defaults file (rules,
qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
- rules,qemu-system-x86.modprobe: support use under older udevs which
do not auto-load the kvm kernel module. Enable nesting by default
on intel.
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- apport hook for qemu source package: d/source_qemu-kvm.py,
d/qemu-system-common.install
- Make qemu-system-common and qemu-utils depend on qemu-block-extra
to fix errors with missing block backends. (LP: #1495895)
- s390x:
* Create qemu-system-s390x package
* Enable pie by default, on ubuntu/s390x.
* Enable svm by default for qemu64 on amd
* Include s390-ccw.img firmware
* have qemu-system-aarch64 Suggest: qemu-efi; this should be a stronger
relationship, but qemu-efi is still in universe right now.
* Drop patches which have been applied upstream:
qemu (1:2.6+dfsg-1) unstable; urgency=medium
* new upstream release
Closes: #799115
Closes: #822369, #823588
Closes: #813698
Closes: #805827
Closes: #813585
Closes: #823830 CVE-2016-3710 CVE-2016-3712
Closes: #813193 CVE-2016-2198
Closes: #813194 CVE-2016-2197
Closes: #815008 CVE-2016-2392
Closes: #815009 CVE-2016-2391
Closes: #815680 CVE-2016-2538
Closes: #821038 CVE-2016-4001
Closes: #822344 CVE-2016-4037
Closes: #817181 CVE-2016-2841
Closes: #817182 CVE-2016-2857
Closes: #817183 CVE-2016-2858
- removed all patches applied upstream
- removed mjt-set-oem-in-rsdt-like-slic.diff, feature has been
implemented in upstream differently
- refreshed local patches
* do not recommend sharutils for qemu-utils anymore (Closes: #820449)
* typo fix in qemu-system-misc description (Closes: #822883)
* allow qemu-debootstrap to create mips64el chroot (Closes: #817234)
* switch VCS URLs from http to https (lintian)
* Bump Standards-Version to 3.9.8 (no changes)
* code spelling fixes from upstream
* added s390x-virtio-ccw-fix-spelling.patch from upstream
* added hw-ipmi-fix-spelling.patch from upstream
* added docs-specify-spell-fix.patch from upstream
* added fsdev-spelling-fix.patch from upstream
* fold long list of supported arches in package descriptions
qemu (1:2.5+dfsg-5ubuntu12) yakkety; urgency=medium
* Cherrypick upstream patches to support the query-gic-version QMP command
(LP: #1566564)
qemu (1:2.5+dfsg-5ubuntu11) yakkety; urgency=medium
[Stefan Bader]
* Enable svm by default for qemu64 on amd (LP: #1561019)
-- Daniel Watkins <email address hidden> Tue, 13 Dec 2016 14:42:19 +0000